neil/sonarqube-action
1
0
Fork 0
mirror of https://github.com/kitabisa/sonarqube-action.git synced 2025-11-01 13:44:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: neil:master
Branches Tags
neil:master
neil:development
neil:v1.2.1
neil:v1.2.0
neil:v1.1.2
neil:v1.1.1
neil:v1.1.0
neil:v1.0.1
neil:v1.0.1-dev
neil:v1.0.0
neil:v1.0.0-rc.1
neil:v0.1.2
neil:v0.0.1
..
compare: neil:v1.0.1-dev
Branches Tags
neil:master
neil:development
neil:v1.2.1
neil:v1.2.0
neil:v1.1.2
neil:v1.1.1
neil:v1.1.0
neil:v1.0.1
neil:v1.0.1-dev
neil:v1.0.0
neil:v1.0.0-rc.1
neil:v0.1.2
neil:v0.0.1

1 Commits
master ... v1.0.1-dev

Author SHA1 Message Date
Dwi Siswanto
73c272d7a5 Removes a constant value that will rewrite values of properties 2020-07-21 23:20:39 +07:00
5 changed files with 50 additions and 92 deletions
Show Stats Expand all files Collapse all files

1
CODEOWNERS
View File

@ -1 +0,0 @@
* @dwisiswant0

11
Dockerfile
View File

@ -1,15 +1,22 @@
FROM sonarsource/sonar-scanner-cli:4
FROM newtmitch/sonar-scanner:4.0.0-alpine
LABEL "com.github.actions.name"="SonarQube Scan"
LABEL "com.github.actions.description"="Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages."
LABEL "com.github.actions.icon"="check"
LABEL "com.github.actions.color"="green"
LABEL version="0.0.2"
LABEL version="0.0.1"
LABEL repository="https://github.com/kitabisa/sonarqube-action"
LABEL homepage="https://kitabisa.github.io"
LABEL maintainer="dwisiswant0"
RUN npm config set unsafe-perm true && \
npm install --silent --save-dev -g typescript@3.5.2 && \
npm config set unsafe-perm false
ENV NODE_PATH "/usr/lib/node_modules/"
RUN apk add --no-cache ca-certificates jq
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

58
README.md
View File

@ -2,76 +2,52 @@
Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!
<img src="https://assets-eu-01.kc-usercontent.com/d1e40bf0-65fc-01ef-5235-9aeaedac229b/12e3974b-220d-4cde-8f17-2ff9fa9d9c27/SonarQube_Logo.svg" width="320px">
<img src="https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg" width="320px">
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
## Requirements
* [SonarQube server](https://docs.sonarqube.org/latest/setup/install-server/).
* That's all!
* Have SonarQube on server. [Install now](https://docs.sonarqube.org/latest/setup/install-server/) if it's not already the case!
## Usage
The workflow, usually declared in `.github/workflows/build.yaml`, looks like:
The workflow, usually declared in `.github/workflows/build.yml`, looks like:
```yaml
on:
# Trigger analysis when pushing in master or pull requests, and when creating
# a pull request.
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
name: SonarQube Scan
on: push
name: Main Workflow
jobs:
sonarqube:
sonarQubeTrigger:
name: SonarQube Trigger
runs-on: ubuntu-latest
steps:
- name: Checking out
uses: actions/checkout@master
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- uses: actions/checkout@master
- name: SonarQube Scan
uses: kitabisa/sonarqube-action@v1.2.0
uses: kitabisa/sonarqube-action@master
with:
host: ${{ secrets.SONARQUBE_HOST }}
login: ${{ secrets.SONARQUBE_TOKEN }}
```
You can change the analysis base directory and/or project key by using the optional input like this:
You can change the analysis base directory and/ project key _(allowed characters: letters, numbers, -, \_, . and :, with at least one non-digit.)_ by using the optional input like this:
```yaml
uses: kitabisa/sonarqube-action@master
with:
host: ${{ secrets.SONARQUBE_HOST }}
login: ${{ secrets.SONARQUBE_TOKEN }}
projectBaseDir: "src/"
projectBaseDir: "/path/to/my-custom-project"
projectKey: "my-custom-project"
projectName: "my-custom-project-name"
projectVersion: "v0.0.1"
```
### Inputs
## Secrets
These are some of the supported input parameters of action.
- `host` - **_(Required)_** this is the SonarQube server URL.
- `login` - **_(Required)_** the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See [how to generate SonarQube token](https://docs.sonarqube.org/latest/user-guide/user-token/).
- `password` - The password that goes with the `login` username. This should be left blank if an `login` are authentication token.
| **Parameter** | **Description** | **Required?** | **Default** | **Note** |
|----------------------|---------------------------------------------------|---------------|-------------|-----------------------------------------------------------------------------------------------|
| **`host`** | SonarQube server URL | 🟢 | | |
| **`login`** | Login or authentication token of a SonarQube user | 🟢 | | `Execute Analysis` permission required. |
| **`password`** | The password that goes with the `login` username | 🔴 | | This should be left blank if an `login` are authentication token. |
| **`projectBaseDir`** | Set custom project base directory analysis | 🔴 | `.` | |
| **`projectKey`** | The project's unique key | 🔴 | | Allowed characters are: letters, numbers, `-`, `_`, `.` and `:`, with at least one non-digit. |
| **`projectName`** | Name of the project | 🔴 | | It will be displayed on the SonarQube web interface. |
| **`projectVersion`** | The project version | 🔴 | | |
| **`encoding`** | Encoding of the source code | 🔴 | `UTF-8` | |
> [!NOTE]
> If you opt to configure the project metadata and other related settings in a **`sonar-project.properties`** file (must be placed within the base directory, `projectBaseDir`) instead of using input parameters, this action is compatible with that approach!
You can set all variable in the "Secrets" settings page of your repository.
## License

15
action.yaml
View File

@ -1,18 +1,15 @@
name: "SonarQube Scan"
description: "Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages."
author: "Dwi Siswanto"
branding:
icon: "check"
color: "green"
runs:
using: "docker"
image: "Dockerfile"
inputs:
host:
description: "SonarQube server URL."
description: "SonarQube server URL"
required: true
projectKey:
description: "The project's unique key. Allowed characters are: letters, numbers, -, _, . and :, with at least one non-digit."
@ -27,16 +24,12 @@ inputs:
required: false
default: ""
projectBaseDir:
description: "Set the sonar.projectBaseDir analysis property."
description: "Set the sonar.projectBaseDir analysis property"
required: false
default: "."
login:
description: "Login or authentication token of a SonarQube user."
description: "Login or authentication token of a SonarQube user"
required: true
password:
description: "Password that goes with the sonar.login username. This should be left blank if an authentication token is being used."
required: false
encoding:
description: "Encoding of the source code."
required: false
default: "UTF-8"
required: false

57
entrypoint.sh
View File

@ -2,44 +2,27 @@
set -e
REPOSITORY_NAME=$(basename "${GITHUB_REPOSITORY}")
if [[ ! -z "${INPUT_PASSWORD}" ]]; then
echo "::warning ::Running this GitHub Action without authentication token is NOT recommended!"
SONAR_PASSWORD="${INPUT_PASSWORD}"
else
SONAR_PASSWORD=""
if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
EVENT_ACTION=$(jq -r ".action" "${GITHUB_EVENT_PATH}")
if [[ "${EVENT_ACTION}" != "opened" ]]; then
echo "No need to run analysis. It is already triggered by the push event."
exit 78
fi
fi
if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then
echo "::error file=${INPUT_PROJECTBASEDIR%/}/pom.xml::Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action."
exit 1
fi
[[ ! -z ${INPUT_PASSWORD} ]] && SONAR_PASSWORD="${INPUT_PASSWORD}" || SONAR_PASSWORD=""
[[ ! -z ${INPUT_PROJECTKEY} ]] && SONAR_PROJECTKEY="${INPUT_PROJECTKEY}" || SONAR_PROJECTKEY=""
[[ ! -z ${INPUT_PROJECTNAME} ]] && SONAR_PROJECTNAME="${INPUT_PROJECTNAME}" || SONAR_PROJECTNAME=""
[[ ! -z ${INPUT_PROJECTVERSION} ]] && SONAR_PROJECTVERSION="${INPUT_PROJECTVERSION}" || SONAR_PROJECTVERSION=""
if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" ]]; then
echo "::error file=${INPUT_PROJECTBASEDIR%/}/build.gradle::Gradle project detected. You should use the SonarQube plugin for Gradle during build rather than using this GitHub Action."
exit 1
fi
unset JAVA_HOME
if [[ ! -f "${INPUT_PROJECTBASEDIR%/}/sonar-project.properties" ]]; then
[[ -z "${INPUT_PROJECTKEY}" ]] && SONAR_PROJECTKEY="${REPOSITORY_NAME}" || SONAR_PROJECTKEY="${INPUT_PROJECTKEY}"
[[ -z "${INPUT_PROJECTNAME}" ]] && SONAR_PROJECTNAME="${REPOSITORY_NAME}" || SONAR_PROJECTNAME="${INPUT_PROJECTNAME}"
[[ -z "${INPUT_PROJECTVERSION}" ]] && SONAR_PROJECTVERSION="" || SONAR_PROJECTVERSION="${INPUT_PROJECTVERSION}"
sonar-scanner \
-Dsonar.host.url="${INPUT_HOST}" \
-Dsonar.projectKey="${SONAR_PROJECTKEY}" \
-Dsonar.projectName="${SONAR_PROJECTNAME}" \
-Dsonar.projectVersion="${SONAR_PROJECTVERSION}" \
-Dsonar.projectBaseDir="${INPUT_PROJECTBASEDIR}" \
-Dsonar.login="${INPUT_LOGIN}" \
-Dsonar.password="${SONAR_PASSWORD}" \
-Dsonar.sources="${INPUT_PROJECTBASEDIR}" \
-Dsonar.sourceEncoding="${INPUT_ENCODING}"
else
sonar-scanner \
-Dsonar.host.url="${INPUT_HOST}" \
-Dsonar.login="${INPUT_LOGIN}" \
-Dsonar.password="${SONAR_PASSWORD}"
fi
sonar-scanner \
-Dsonar.host.url=${INPUT_HOST} \
-Dsonar.projectKey=${SONAR_PROJECTKEY} \
-Dsonar.projectName=${SONAR_PROJECTNAME} \
-Dsonar.projectVersion=${SONAR_PROJECTVERSION} \
-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} \
-Dsonar.login=${INPUT_LOGIN} \
-Dsonar.password=${INPUT_PASSWORD} \
-Dsonar.sources=. \
-Dsonar.sourceEncoding=UTF-8